Knowledgebase

Issue Discrepancy between Marketo webinar atttendance and webinar provider attendence report Solution Compare Webex report with Marketo Program members list to determine which leads are involved. Check to see if the leads involved have the same email address but used different names to register/attend. Workaround: Upload Webex final report to a static list and use the list to update the program attendance.   Root Cause Webex issues two reports, a preliminary when the webinar is finished and a final report approx. 12 hours later, which may have updated attendance info.  Marketo Engage uses the preliminary report to set the attended status in the program and does not update when the final report is released. Environment Webex Marketo Event Program synced to Webex webinar Final attendance report from Webex, not preliminary

Included in this article   How many total named accounts can I have within Marketo TAM? How many account lists can be created? How many Named Accounts can be added to the Account List? Is Marketo TAM Workspace specific? Which lead attributes are used for Lead-to-Account Matching? How are strong lead matches to Named Accounts determined? How are weak lead matches to Named Accounts determined? How can you make Marketo TAM automatically associate leads to Named Accounts? Do I see all the CRM accounts in the Discover CRM grid? Does the number of CRM accounts match the number of CRM accounts shown in Discover CRM grid? What does the Discover Marketo Companies grid show? What happens if I delete Named Accounts? Can I merge duplicate companies or CRM accounts manually in Marketo? How is the week-over-week engagement over time chart determined and how frequently it is calculated? How is the week-over-week pipeline chart determined and how frequently it is calculated? How is the week-over-week revenue chart determined and how frequently it is calculated? Does Marketo TAM backfill data for engagement over time charts? How far back can I see engagement over time, pipeline and revenue charts? How far back are email and web activities calculated for? How is pipeline determined? How frequently are account scores calculated? How is Currency calculated? Does Marketo TAM support Account hierarchy? Additional Documentation   How many total named accounts can I have within Marketo TAM? There is no limit from a product perspective.     How many account lists can be created? 1,000     How many Named Accounts can be added to the Account List? 500     Is Marketo TAM Workspace specific? No. Named Accounts are visible to all the Workspaces. But Lead Partition rules are still honored. Which means you can see a named account in multiple Workspaces but depending on the Lead Partition rules, you can only see leads belonging to the corresponding Workspace within that named account.     Which lead attributes are used for Lead-to-Account Matching? It is based on 3 lead attributes: Email Domain, IP Address and Company Name. We convert Email Domain and IP address to the Company Names and match all 3 to identify strong and weak matches.     How are strong lead matches to Named Accounts determined? When the Company Name matches 3 out of 3, or 2 out of 3 times, then we consider this a strong match.     How are weak lead matches to Named Accounts determined? When the Company Name matches only 1 out of 3 times, then we consider this a weak match.     How can you make Marketo TAM automatically associate leads to Named Accounts? When you create a Named Account from any of the Discover grids, Marketo creates rules which then going forward are used to do automatic association of leads from the company to Named Accounts.     Do I see all the CRM accounts in the Discover CRM grid? Yes, all the CRM accounts that are synced in Marketo show up here     Does the number of CRM accounts match the number of CRM accounts shown in Discover CRM grid? Not necessarily. Marketo ABM does light de-duplication by CRM account names. First, we remove company suffixes before matching to company names. (Ex: Co, Corp, Corporation, Gmbh, Inc, Incorporated, LLC, LLP, LP, Ltd, PA, PC, PLC, PLLC). Second, we merge companies or CRM accounts in Marketo with duplicate names (not case sensitive)     What does the Discover Marketo Companies grid show? This grid shows all the CRM accounts as well as Marketo Companies that we found in the Marketo lead database.     What happens if I delete Named Accounts? None of the leads associated with the Named Accounts will be deleted. You can always go back to the Discover Companies grid and re-create the Named Account.     Can I merge duplicate companies or CRM accounts manually in Marketo? Yes. You can use Discover Marketo Companies to do that.     How is the week-over-week engagement over time chart determined and how frequently it is calculated? We take daily account scores and show the maximum account score for that week. This chart is calculated every 8 hours.     How is the week-over-week pipeline chart determined and how frequently it is calculated? We add the total sum for the 'Amount' of all opportunities except closed-won and closed-lost. We show opportunity amount on last day of the week. This chart is calculated every 24 hours.     How is the week-over-week revenue chart determined and how frequently it is calculated? We add the total sum of the 'Amount' of all the closed-won opportunities on a weekly basis. This chart is calculated every 24 hours.     Does Marketo TAM backfill data for engagement over time charts? No. Engagement is tracked from the time Named Accounts are created. We don't backfill.     How far back can I see engagement over time, pipeline and revenue charts? 90 Days.     How far back are email and web activities calculated for? 30 Days.     How is pipeline determined? Pipeline is calculated as a sum total of 'Amount' for all open opportunities except closed-won and closed-lost in CRM accounts.     How frequently are account scores calculated? Every 30 minutes.     How is Currency calculated? Currency is the Subscription currency. Marketo ABM does not covert the currency.     Does Marketo TAM support Account hierarchy? Not in this current version, but it is planned for future versions.       Additional Documentation Here are some links to related Documentation that you may find useful:   Target Account Management (previously ABM) - Troubleshooting Tips Target Account Management Overview - Marketo Docs - Product Docs TAM - Issue a License - Marketo Docs - Product Docs TAM - Permissions - Marketo Docs - Product Docs TAM - Configure CRM Mapping - Marketo Docs - Product Docs TAM - Account Score - Marketo Docs - Product Docs TAM - Account Lists - Marketo Docs - Product Docs TAM - Add People to a Named Account - Marketo Docs - Product Docs TAM - Discover Accounts - Marketo Docs - Product Docs TAM - Lead to Account Matching - Marketo Docs - Product Docs TAM - Named Accounts - Marketo Docs - Product Docs TAM - Account Filters - Marketo Docs - Product Docs TAM - Account Triggers - Marketo Docs - Product Docs TAM Main Dashboard - Marketo Docs - Product Docs TAM - Account List Insights - Marketo Docs - Product Docs TAM - Named Account Dimension in RCA - Marketo Docs - Product Docs TAM - Named Account Insights - Marketo Docs - Product Docs

No, unfortunately we are unable to tell you what the spam trap address is. We don’t even know it ourselves! Spam trap addresses are proprietary to the blacklists that own them. Anti-spam professionals use spam trap addresses to track unsolicited emails. If a spam trap is known by the offending sender, the sender could simply remove the spam trap address from their lists and never actually address the data problem that caused that spam trap address to be included in their lists to begin with. Instead of asking what the spam trap address is, try to identify the source of the trap address and eliminate bad data sources from your mailing lists. You should be able to identify the email campaign that caused the blacklist issue, so you should start with those lists. To narrow it down and identify the problematic data source, you should consider the following: Have you recently added any new leads or new lead sources? What is the source of these leads? Any purchased or appended email addresses should be removed, because these data sources are often the source of newly introduced spamtraps. In addition, using purchased or appended email addresses for mailing is a violation of Marketo’s Email Use and Anti-Spam Policy. Have you added any older leads that have not been mailed to recently? Some email providers will turn an email address into a spam trap after a year of inactivity. If you have a list of addresses that has not been mailed to in a year or more, this list should be removed. Does your system use any custom fields to indicate customer status, event attendance, recent contact with your sales team, or other forms of engagement? If so, take advantage of this and isolate the inactive or non-responsive segments of your database using all of the activity data you have available. Is there anything about this specific mailing that makes it different compared to your previous email campaigns? Did you send any other mail on the same day? If so, you should compare the recipient lists. Think you have narrowed in on the problem? Check out our guide to blacklist remediation to find out what to do with that bad list and complete the remediation program.   Additional Resources: What is a spamtrap, or spam trap, and why does it matter? What is a blacklist? How does Marketo respond to blacklisting and spam notifications? Top blacklists - What you need to know Blacklist Remediation Successful Reconfirmation Blacklist Deep Dive Blacklist FAQ    

  Syntax Recommendations Common Look Up mechanisms Common Modifiers Too Many Mechanisms Character String Too Long Null Records in the SPF Record Repetitive Records in the SPF Record - Void Lookups Validation Tools Syntax Recommendations Common Look Up mechanisms a: mx: include: ip4: ip6: exists: ptr: all Common Modifiers redirect= exp=   An A Record must ALWAYS contain IP address (map host to IP) CNAME (Alias) must contain hostnames. No IPs here NS an MX records must contain host names. No IPs allowed. MX records (for mail servers)  should contain hostnames NOT IPs. Too Many Mechanisms Section 10.1, "Processing Limits" of the SPF RFC 4408 specifies the following in regards to DNS lookups: SPF implementations MUST limit the number of mechanisms and modifiers that do DNS lookups to at most 10 per SPF check, including any lookups caused by the use of the "include" mechanism or the "redirect" modifier.  If this number is exceeded during a check, a PermError MUST be returned.  The "include", "a", "mx", "ptr", and "exists" mechanisms as well as the "redirect" modifier do count against this limit.  The "all", "ip4", and "ip6" mechanisms do not require DNS lookups and therefore do not count against this limit. The "exp" modifier does not count against this limit because the DNS lookup to fetch the explanation string occurs after the SPF record has been evaluated. This limit is in place to prevent SPF lookups from being a useful avenue for Denial of Service attacks. Using an example SPF record as an example to illustrate, this record was breaking with 12 look-ups: example.com text = "v=spf1 include:_spf-a.example.com include:_spf-b.example.com include:_spf-c.example.com include:_spf-ssg-a.example.com include:spf-a.anotherexample.com ip4:131.107.115.215 ip4:131.107.115.214 ip4:205.248.106.64 ip4:205.248.106.30 ip4:205.248.106.32 ~all" [ 5 mechanisms] _spf-a.example.com  text = "v=spf1 ip4:216.99.5.67 ip4:216.99.5.68 ip4:202.177.148.100 ip4:203.122.32.250 ip4:202.177.148.110 ip4:213.199.128.139 ip4:213.199.128.145 ip4:207.46.50.72 ip4:207.46.50.82 a:mh.example.m0.net ~all"  [ +1 = 6 mechanisms] mh.example.m0.net a = 209.11.164.116 _spf-b.example.com text = "v=spf1 include:spf.messaging.example.com ip4:207.46.22.35 ip4:207.46.22.98 ip4:207.46.22.101 ip4:131.107.1.27 ip4:131.107.1.17 ip4:131.107.65.22 ip4:131.107.65.131 ip4:131.107.1.101 ip4:131.107.1.102 ip4:217.77.141.52 ip4:217.77.141.59 ~all" [+1 = 7 mechanisms] spf.messaging.example.com text = "v=spf1 include:spfa.anotherexample.com include:spfb.anotherexaple.com include:spfc.anotherexample.com -all"  [+3 = 10 mechanisms] spfa.anotherexample.com  text = "v=spf1 ip4:157.55.116.128/26 ip4:157.55.133.0/24 ip4:157.55.158.0/23 ip4:157.55.234.0/24 ip4:157.56.112.0/24 ip4:157.56.116.0/25 ip4:157.56.120.0/25 ip4:207.46.100.0/24 ip4:207.46.108.0/25 ip4:207.46.163.0/24 ip4:134.170.140.0/24 ip4:157.56.110.0/23 -all" [+0 = 10 mechanisms] spfb.anotherexample.com  text = "v=spf1 ip4:207.46.51.64/26 ip4:213.199.154.0/24 ip4:213.199.180.128/26 ip4:216.32.180.0/23 ip4:64.4.22.64/26 ip4:65.55.83.128/27 ip4:65.55.169.0/24 ip4:65.55.88.0/24 ip4:94.245.120.64/26 ip4:131.107.0.0/16 ip4:157.56.73.0/24 ip4:134.170.132.0/24 -all" [+0 = 10 mechanisms] spfc.anotherexample.com  text = "v=spf1 ip4:207.46.101.128/26 ip6:2a01:111:f400:7c00::/54 ip6:2a01:111:f400:fc00::/54 ip4:157.56.87.192/26 ip4:157.55.40.32/27 ip4:157.56.123.0/27 ip4:157.56.91.0/27 ip4:157.55.206.0/24 ip4:157.55.207.0/24 ip4:157.56.206.0/23 ip4:157.56.208.0/22 -all" [ +0 = 10 mechanisms] _spf-c.example.com  text = "v=spf1 ip4:203.32.4.25 ip4:213.199.138.181 ip4:213.199.138.191 ip4:207.46.52.71 ip4:207.46.52.79 ip4:131.107.1.18 ip4:131.107.1.19 ip4:131.107.1.20 ip4:131.107.1.48 ip4:131.107.1.56 ip4:86.61.88.25 ip4:131.107.1.44 ip4:131.107.1.37 ~all" [+0 = 10 mechanisms] _spf-ssg-a.example.com  text = "v=spf1 include:_spf-ssg-b.example.com include:_spf-ssg-c.example.com ~all"  [+2 = 12 mechanisms] _spf-ssg-b.example.com  text = "v=spf1 ip4:207.68.169.173/30 ip4:207.68.176.1/26 ip4:207.46.132.129/27 ip4:207.68.176.97/27 ip4:65.55.238.129/26 ip4:207.46.222.193/26 ip4:207.46.116.135/29 ip4:65.55.178.129/27 ip4:213.199.161.129/27 ip4:65.55.33.70/28 ~all"  [+0 = 12 mechanisms] _spf-ssg-c.example.com text = "v=spf1 ip4:65.54.121.123/29 ip4:65.55.81.53/28 ip4:65.55.234.192/26 ip4:207.46.200.0/27 ip4:65.55.52.224/27 ip4:94.245.112.10/31 ip4:94.245.112.0/27 ip4:111.221.26.0/27 ip4:207.46.50.221/26 ip4:207.46.50.224 ~all" [+0 = 12 mechanisms] spf-a.secondexample.com  text = "v=spf1 ip4:157.55.0.192/26 ip4:157.55.1.128/26 ip4:157.55.2.0/25 ip4:65.54.190.0/24 ip4:65.54.51.64/26 ip4:65.54.61.64/26 ip4:65.55.111.0/24 ip4:65.55.116.0/25 ip4:65.55.34.0/24 ip4:65.55.90.0/24 ip4:65.54.241.0/24 ip4:207.46.117.0/24 ~all" [+0 = 12 mechanisms] Character String Too Long 255 character limitation in a single string kb.isc.org/article/AA-00356/0/Can-I-have-a-TXT-or-SPF-record-longer-than-255-characters.html string-functions.com/length.aspx You may have more than 255 characters of data in a TXT or SPF record, but not more than 255 characters in a single string. If you attempt to create an SPF or TXT record with a long string (>255 characters) in it, BIND will give an error (e.g. "invalid rdata format: ran out of space".)  Strings in SPF and TXT records should be no longer than 255 characters.  However to get around this limitation, per RFC 4408 a TXT or SPF record is allowed to contain multiple strings, which should be concatenated together by the reading application.  In the case of use for SPF (using either TXT or SPF RRs) the strings are concatenated together without spaces as described below.  Reassembly by other applications of multiple strings stored in TXT records might work differently. 3.1.3. Multiple Strings in a Single DNS record As defined in [RFC1035] sections 3.3.14 and 3.3, a single text DNS record (either TXT or SPF RR types) can be composed of more than one string. If a published record contains multiple strings, then the record MUST be treated as if those strings are concatenated together without adding spaces. For example: IN TXT "v=spf1 .... first" "second string..." MUST be treated as equivalent to IN TXT "v=spf1 .... firstsecond string..." SPF or TXT records containing multiple strings are useful in constructing records that would exceed the 255-byte maximum length of a string within a single TXT or SPF RR record. EXAMPLE text = "v=spf1 ip4:199.15.212.0/22 ip4:72.3.185.0/24 ip4:72.32.154.0/24 ip4:72.32.217.0/24 ip4:72.32.243.0/24 ip4:94.236.119.0/26  ip4:37.188.97.188/32 ip4:185.28.196.0/22 ~all“ text = "v=spf1 ip4:199.15.212.0/22“ " ip4:72.3.185.0/24 ip4:72.32.154.0/24 ip4:72.32.217.0/24" " ip4:72.32.243.0/24 ip4:94.236.119.0/26" " ip4:37.188.97.188/32 ip4:185.28.196.0/22 ~all" Null Records in the SPF Record A record that is NULL or that does not exist will break an SPF record.  Syntax within the record is very important, if there are extra spaces between mechanisms it will count as NULL. EXAMPLE text = "v=spf1 ip4:199.15.212.0/22“ <- accurate text = "v=spf1 ip4: 199.15.212.0/22“ <- NULL (NOTE the space between IP4: and the IP) Repetitive Records in the SPF Record - Void Lookups If there are too many repetitive mechanisms in the SPF record, including records that cascade (for example when using "include:") the record will break. There is a MAX of 2 void look ups in an SPF record.  More than that and the record will break.  This prevents SPF records from being used in Denial of Service style attacks. Validation Tools SPF checker, syntax validator and SPF tester http://www.kitterman.com/spf/validate.html SPF checker http://vamsoft.com/support/tools/spf-policy-tester SPF validator http://vamsoft.com/support/tools/spf-syntax-validator CIDR Calculator http://www.subnet-calculator.com/cidr.php Nslookup network-tools.com/nslook/ SPF creation wizard microsoft.com/mscorp/safety/content/technologies/senderid/wizard/ Common SPF errors openspf.org/FAQ/Common_mistakes SPF syntax definitions openspf.org/SPF_Record_Syntax

Issue:   You or your sales reps are getting an error when editing your leads or contact records in Salesforce saying "The record you were editing was modified by Account Marketo during your edit session".   This error will usually occur in Salesforce when you are in the Edit page in while at the same time the Marketo sync is updating that same record by our periodic API sync. While this error occurs very rarely, and usually by performing mass updates from Marketo (usually by batch campaigns).   Resolution:   Here are some steps you can take from a Marketo perspective to resolve or significantly reduce the chances of this error occurring:        1. Change the process that you use to update records in Salesforce - You can successfully reduce this error by using Inline editing (by double clicking on the individual field on the record) as opposed to doing a mass update of multiple fields on 1 record (by using the Edit button).   Inline Editing - As the screenshot below shows, this done by double clicking on the individual field on your record then updating the field and then pressing the "Save" button or double pressing on the Enter key on your keyboard.   Mass Editing - this is done by first pressing the "Edit" button on the record's detail page, which will then take you the the Edit page where you can mass update multiple records then press the "Save" button.        2. Increase the Salesforce sync interval time - Another option to reduce the the possibility or receiving this error is to reduce the number of times that Marketo syncs with Salesforce. This option in effect increases the time between Marketo and salesforce syncs.  (The default is 5 minutes.)  The downside to this option is that updates made in Marketo will take a longer to sync to Salesforce and vice versa. If you want to proceed with this option, you will need to contact Marketo support to get your sync wait time increased.    

  Yes. There is a daily/weekly Recommended Assets email report that can be configured to be sent to users. Recommended Assets Report This email report includes all the pieces of content and count of clicks on the Content Recommendation Bar. To customize which automated email report the user receives, see: Email Reports - Marketo Docs - Marketo User Manual .  

  Issue User Receives Communication Failure Error / bandaid when creating a new Email from a custom Template due to unapproved snippet. Resolution Email templates can contain code to reference a snippet by ID: <div class="mktoSnippet" id="FooterText" mktoName="Footer Text" mktoDefaultSnippetId="3"></div> If the snippet is not approved then a new email asset cannot be created, and instead a bandaid error occurs.   The snippet should be approved first before the template is used.    If the ID of the snippet in the HTML is 3 and the pod sj27, the URL to the asset would be Login | Marketo  

Issue:   You create Marketo campaigns but they are not showing up in Sales Insight in Salesforce. The steps below illustrates all the steps that are required to make these campaigns show in Sales Insight.     Resolution:   1. Make sure the trigger campaign in Marketo that you want to access through Sales Insight is using the "Campaign is Requested" trigger with a source of "Sales Insight" This is a article attached imageThis is a article attached image   2. Activate the campaign you created in Step 1 above from the "Schedule" tab of your campaign. This is very important. If the campaign not activated, it will never show up in Sales Insight.  

An email being filtered to a quarantine or bulk mail folder happens after the recipient mail server has accepted message.  Once an email has been accepted by a mail server, it is impossible to tell where it went or what happened to it.  Note that this is true of any mail sent by any system on the Internet.   Every mail server has configurable filters that determine how received mail will be handled.  The mail server administrator should be able to adjust those filters to ensure delivery of emails based on their business standards, or there may even be end-user-configurable controls that can accomplish the same thing.   If test mailings you are sending to yourself or your colleagues are being filtered to a quarantine or bulk mail folder, you should consider asking your email administrator to whitelist Marketo’s IP ranges.  They can be found here.   You can also improve your deliverability in general by setting up SPF and DKIM records, and branding your tracking links.

What is HSTS? The HTTP Strict-Transport-Security response header (often abbreviated as HSTS) lets a web site tell browsers that it should only be accessed using HTTPS, instead of using HTTP.  This prevents man-in-the-middle attacks by telling the browser it should never interact with their domain without first establishing a secure HTTPS connection.   What does this mean for Marketo assets? A domain can assert the HSTS policy for all of it's subdomains.  This means both the subdomains used for Marketo landing pages and the subdomains for Marketo tracking links must also be secured with SSL certificates.  If HSTS is asserted and the Marketo subdomains are not secured, people that visit landing pages or click on tracked links in emails will receive security errors and browsers will not load the pages.   This is resolved by purchasing both Secured Domains for Landing Pages and Secured Domains for Tracking Links.  There are very few exceptions where a domain utilizing HSTS will not need to secure both landing page domains and tracking link domains.   How do I know if my domain is using HSTS? Reach out to your IT and/or web development team to confirm whether or not your domain utilizes HSTS and if both Secured Domains and Tracking Links are necessary for your business.  If your website utilizes HSTS and has the "include subdomains" flag set to true, you will need to secure both your landing page domains and tracking link domains in almost all circumstances.   Google Chrome has a built in HSTS checker that you can use to verify your HSTS settings.   1.  Visit the root domain of your website with the Chrome browser.  For example, if your Marketo landing pages use visit.acme.com, navigate to acme.com.  This will load the domain's HSTS policy into Chrome.   2.  Navigate to chrome://net-internals/#hsts in Chrome.  This will load Chrome's HSTS checker.   3.  In the "Query HSTS/PKP domain" section, type in your domain you wish to check.  Click "Query".   This is a article attached image   4.  If the query returns "Found" with a list of configuration settings, you will need to check two settings: If either "status_upgrade_mode" or "dynamic_upgrade_mode" have the value "FORCE_HTTPS" or "STRICT", then the domain is enforcing HSTS and all connections are made over HTTPS. If either "static_pkb_include_subdomains" or "dynamic_pkp_include_subdomains" are equal to "true", then all subdomains are subject to the HSTS policy.   If both of the above are true then both Secured Domains for Landing Pages and Tracking Links may be required.   If the query returns "Not Found", or is not using a "FORCE_HTTPS" or "STRICT" policy then the landing page and tracking link subdomains may not have strict HTTPS requirements.     Always verify with your IT and/or web development team as to what your domain's security policies and requirements are.  Failure to properly secure your landing page or tracking domains according to your domain's security policy may result in landing pages or tracking links not resolving in browsers.  A lack of a strict HSTS policy does not necessarily mean you do not need to secure your Marketo domains.       My domain asserts HSTS on my subdomains but I do not have HTTPS encryption with my Marketo subscription.  What do I do? Reach out to your Customer Success Manager to discuss purchasing Secured Domains for Landing Pages and Secured Domains for Tracking Links.  Configuration instructions can be found below: Overview & FAQ: Secured Domains for Landing Pages Overview & FAQ: Secured Domains for Tracking Links

Questions? Ask Support! Securing your Adobe Marketo Engage Landing Pages By default, Marketo Engage serves domains as HTTP, and historically we’ve given our customers the choice of whether or not to secure their Marketo Engage domains (HTTPS); however, in 2018, browsers enforced new security measures to better protect their users - one of which was to flag all non-secure (HTTP) web pages with a visible "Not Secure" warning (the unlocked pad lock icon in the address bar). This effectively shifted the choice of using secured (HTTPS) domains from a best practice to a requirement. Marketo Engage's Secured Domains solution secures any and all domains defined in your instance so they will be served via HTTPS.  For a full explanation of the benefits Secured Domains provides, in contrast with a basic SSL certificate, please see this Nation Post.   NOTE: As of late 2019, Marketo Engage changed it's pricing/packaging to now automatically include a base Secured Domains package with ALL subscriptions. This base offering secures the first landing page domain and first tracking link domain to provide all of our customers with the basic necessities of digital marketing. Should you use more than these two domains, they may be purchased a la carte, so customers only pay for what they need. Contact your Marketo Engage Customer Success Manager to purchase additional Secured Domains or discuss further.   Identifying Landing Page Domains in Your Instance Please note the below only covers securing your Landing Page domains. For steps on how to secure your Tracking Link domains, please visit this Nation Post.   New Subscriptions: If you’re a new Marketo Engage customer with a new subscription, one of the steps in setting up your instance is to set your CNAMES, landing pages domain name, and any domain aliases. For more information see, Customizing Your Landing Pages URL with a CNAME and Adding Additional Landing Page CNAMEs. Once this is done, you’ll be ready to count the unique domains (as described below) and initiate the Secured Domains provisioning process through Support.   Established Subscriptions: Have you had your Marketo Engage subscription for a while and want to know how many landing page domains you have configured in your instance? If you’re a Marketo Engage Admin, you can see your landing pages domain name and domain aliases by navigating to: Admin console > Integration > Landing Pages   On the Landing Pages tab, you’ll see your landing pages Domain Name. In the example www.info.mycompany.com, the first part of the URL (info.) is your CNAME and the second part (mycompany.com) is the top-level domain (TLD). Marketo charges per unique top-level domain - i.e. only the orange part.   Next, you’ll also need to check the Rules tab and look for Domain Aliases.   It’s important to note that when it comes to securing your Marketo Engage landing pages, the Secured Domains for Landing Pages process will secure all of the domains in your instance. It’s an all-or-nothing action, meaning you cannot chose which domains to secure for HTTPS and which to leave HTTP.  And don’t worry – we’ll count these up for you so we can scope your subscription correctly.   The Secured Domains Provisioning Process The process to secure your landing page domains includes steps that must be completed on Marketo Engage’s side as well as steps that you’ll need to complete in your instance prior to us enabling HTTPS.   First, you'll need to configure your domains, choose a CNAME, and point it to your unique Marketo domain (i.e. prefix.mktoweb.com). These first-time-setup instructions can be found here.   Then, you'll need to contact Marketo Support to complete the process. NOTE: Domains are NOT automatically secured once they're configured in your instance - you MUST contact Support for any domain changes!   On our side, we’ll first provision your prefix.mktoweb.com domain on Cloudflare servers, then complete the secure handshake validation between DigiCert and Cloudflare to provision the necessary SSL certificates to serve your landing pages over HTTPS.   On your side, to ready your instance for the conversion to HTTPS, you’ll need to review, update and re-approve your landing pages: Change all images, JavaScript files and other external links in landing pages to HTTPS. Pages with HTTP links may display an “Insecure Content on Secure Pages” error. You can read more about that here: What Exactly Is a Mixed Content Warning? If you include a Marketo Engage landing page on a secure website using an iframe, you will need update the HTML to load the secure version of the landing page, otherwise the end user will get a security warning. If you use a Marketo Engage Form on a non-Marketo Engage page, you will need to update the follow-up URL to HTTPS if you’ve explicitly referenced a HTTP page.   Once you’ve completed the steps above, it’s time to coordinate the cut-over to HTTPS with Marketo. You’ll need let Marketo Engage Support know that you’re ready to initiate the cut-over process.   NOTE: To help ensure a smooth transition, please confirm with your IT team that they have NOT placed a CAA against DigiCert on your top-level domain (this grants permission to only specific vendors to issue SSL certificates to your domain). We’ll work with you to plan a time when you have few or no upcoming batch campaigns running, and also a time when your team is available, if needed, to make a few updates in your Marketo instance.   RECOMMENDATION: After the cut-over, you may notice that images are not displayed in the Marketo Engage email editor or preview mode. Rest assured your emails will send correctly and the images will render for recipients. To see the images in Marketo Engage, you must adjust the image URLs from HTTP to HTTPS in the editor. Again, whether you take this step or not, the images will render properly for your email recipients.      That’s it! Once our team enables Secured Landing Pages for your instance, your landing pages will be served via HTTPS. Of course, it’s a good idea to do some validation of your pages after the cut-over to be sure your pages are loading correctly, images are loading, and that you didn’t miss any hard-coded HTTP links. Moving your pages to HTTPS, you can rest assured that you’re providing critical security and data integrity for both your pages and your visitors’ personal information. Good job, you!   OTHER HELPFUL FAQs Cloudflare has blocked my domain from being secured by Marketo Engage. What does this mean and how do I resolve it? Cloudflare takes security steps on their SSL for SaaS v2 platform used by Adobe Marketo Engage to ensure domains belonging to the internet's most popular brands and websites are not issued SSL certificates without explicit permission from it's owner. Cloudflare pulls from the list of the top 1 million domains on the internet from Tranco to determine which domains it will block from securing without consent.   Adobe does not control the content of this list and cannot make changes to add or remove your domain. If your domain is on this list, Customer Support may report that your domain is unable to be secured without taking extra steps. Your business may either: Request a certificate from LetsEncrypt instead of Digicert. LetsEncrypt offered certificates do not have the same restrictions. Submit a Letter of Authorization with your request to Customer Support. This must be a signed letter on company letterhead confirming that your company authorizes Adobe Marketo Engage to secure your requested subdomains. Do I need to provide a TLS/SSL Certificate? No, in fact, to avoid the unnecessary hassle, risk and fire drills caused by expired certificates, Marketo Engage now only accepts customer-provided certificates on an exception-only basis. The certificates included with Secured Domains auto-renew annually without any human interaction on either side.   What Certificate Authority (CA) issues the certificates for the Marketo Engage’s Secured Domains? The certificates are authored by DigiCert.   What type of certificate is provided? We produce a pack of two certificates; The primary certificate uses a P-256 key, is SHA-2/ECDSA signed, and will be presented to browsers that support elliptic curve cryptography (ECC). The secondary or fallback certificate uses an RSA 2048-bit key, is SHA-2/RSA signed, and will be presented to browsers that do not support ECC.   Will my domains be on a shared SSL certificate with other companies? Absolutely NOT! That's like sharing the same car lock with other people - avoid dealing with vendors who offer this service. Each of your domains will get its own certificate, meaning you will not be on a shared certificate with other companies.   Will all the subdomains be covered? Marketo Engage defines a subdomain interchangeably with CNAME for billing purposes. As an example, with your company.com domains, the subdomains go.company.com, info.company.com, help.company.com etc. would could as 3 unique subdomains. Please keep in mind that company.com, company.com.uk, company.com.ca are separate top-level domains.   Can I choose which domains/subdomains to secure? Securing your domains is all-or-nothing, meaning the process automatically secures all domains/subdomains you've set up in your instance. If you do not use or need old domains lingering in your instance, be sure to delete them so you're not charged.   If I have a CAA record, can it affect my certificate issuance? Yes, CAA records MUST be configured to allow DigiCert issuance, or else we will be restricted from issuing one. Please check with your IT team to ensure this is not a blocker. Further information: https://www.digicert.com/dns-caa-rr-check.htm   Can I provide my own SSL certificate to secure my domains? Not unless they are the Extended Validation (EV) certificate type. If not, but your IT team has instructed you they must manage them, please reach out to your CSM with the business use case and any details to request an exception. Please note this only causes additional risk, hassle, time, and effort on all parties.   We require an Extended Validation (EV) certificate. Can the Secured Domains for Landing Pages product accommodate this? Since the certificate provided with Secured Domains is not an Extended Validation (EV) type, Marketo Engage absolutely allows customers who require this (typically healthcare, finance, government) to procure the EV certificate/private key and provide this to Marketo Engage Support; however, please note you will then be 100% liable for managing/renewing/sending Marketo Engage the new certificate with ample time to install it to avoid expiration. Expired certificates will not be categorized as a P1.   What Marketo Engage configuration is required to complete the Secured Domains setup? One or more CNAMEs for the Marketo Landing Pages must be configured in the Admin section of the application as described here: Setup Steps - Marketo Docs - Product Docs   How many domains can I secure? Technically, as many as you like. However, please note there is an additional cost associated with secured multiple domains beyond the first two covered by the base offering.   If I am using Domain Aliases in my Marketo Engage subscription, do I have to secure each of these? Securing your Marketo Engage landing pages requires you to secure all domains used in your instance including your Domain Aliases.   How do I see the Landing Page domains in my instance? Marketo Engage Admins can see your landing pages domain name and all domain aliases by clicking on Landing Pages in the Integration section of the Admin console. On the Landing Pages tab, you will see your full Landing Page Domain Name. On the Rules tab, you will find all Domain Aliases set up for your instance. For the Secured Domains for Landing Pages you will need to count the number of domains used in your instance. When counting domains, please provide the number of unique top-level domains – only the orange part here: www.info.mycompany.com Are Domain Aliases for different countries counted separately? When counting domains, you might have the same CNAME but unique top-level domains: info.mydomain.com, info.mydomain.au, info.mydomain.de. Even though the CNAME is the same, the top-level domains (mydomain.com, mydomain.au and mydomain.de) are unique and thus counted as such (3 total domains). Vice-versa, unique CNAMEs (info., go., pages.) with the same top-level domain (mycompany.com) are considered subdomains of a single top-level domain.    Will URLs to the existing non-secure (HTTP) Marketo Engage Landing Pages continue to work? Your existing HTTP URLs will continue to work and will automatically be redirected to the secure (HTTPS) pages. There are only few situations where you may have to manually update the URL, specifically when you include a Marketo Engage landing page on a secure website using an iframe. In this case, you will need to load the secure version of the landing page, otherwise the end user will get a security warning.   Does securing my Marketo Engage landing pages also secure my corporate website? No. Marketo Engage Secured Domains only affects the landing pages served by Marketo, because the underlying domain is technically a Marketo Engage domain (i.e. your CNAME 'points' to prefix.mktoweb.com). It does not affect any pages on your corporate (non-Marketo) website.   If I don’t use Marketo Engage Landing Pages, do I need Secured Domains for Landing Pages? Most likely, as there are many aspects of Marketo Engage that rely on your domains being secured, such as assets and images. Further, if you are embedding Marketo Forms on secured non-Marketo Engage webpages, the default form code snippet that Marketo provides uses //[munchkinID].mktoweb.com which is a Marketo domain that can be served securely on a HTTPs parent page (the // indicates the request will use whatever protocol the parent uses). With this, your Marketo Engage form will take on the security level of the page it’s embedded on regardless of whether you’re using our Secured Domains for Landing Pages product.    Will the Munchkin JavaScript API also be encrypted via SSL? Calls to the Munchkin JavaScript API automatically switch to SSL if the page on which the calls are made is SSL encrypted.   Can I add additional Domains to my instance and secure these too? Once you’ve secured your landing page domains with the Secured Domains for Landing Pages process, you will need to contact Marketo Engage when adding additional domains/domain aliases. Please contact your Marketo Engage Customer Success Manager. There is an additional a la carte charge depending on the number of domains you are adding.   Do I need to secure my tracking links as well? If your company enforces HSTS (a web directive that denies any redirects from HTTP links), you WILL need to also secure your Tracking Links for your recipients' email->landing page functions correctly. For more information on HSTS and Marketo subdomains, please see the following documentation SSL: The HSTS Policy and Your Marketo Subdomains If not, Marketo still recommends using secured links as a best practice, as it can help with deliverability and avoid spam traps; plus, it looks far more professional to have secured links, and can foster brand confidence when your recipients know their email->web page redirect is fully secure.   For additional questions on anything technical, just ask the Marketo Support team! If it's a pricing or commercial question, please reach out to your Customer Success Manager.

The fields and records that will sync from Salesforce are defined by the permissions of the Marketo sync user. Therefore, if you want to prevent specific records or fields from syncing with Marketo, change the permissions of the sync user so they do not have access to the records and fields you do want to sync. Alternatively, you can work with Marketo Support to set up a Custom Sync Filter that will prevent records from syncing based on the value in a specified field. Restricting Leads from Syncing to SFDC With Sync Filters 

Our sync employs a field level conflict resolution mechanism. For a particular record, if field X is updated in Microsoft Dynamics CRM and field Y is updated in Marketo, then we will update Marketo with the new value for field X and Microsoft Dynamics CRM with the new value for field Y.  In the case where the same field is updated on both systems for a particular record with a short period of time, we will choose the Marketo value as the winner for Leads and the Microsoft Dynamics CRM value as the winner for Contacts.

We have enhanced the behavior of the unsubscribe functionality to make it “durable”.  We have added a master email status, which is separate from the unsubscribe flag visible on the lead detail record.   If the unsubscribe flag is set from false to true, the master email status is updated, and the change is propagated to other leads with the same email address. Update the Unsubscribe flag from True to False (e.g. Re-subscribe a lead) When a lead is imported, the unsubscribe flag WILL NOT be overwritten by the import. Here are the ways a lead can be re-subscribed: 1.   In SFDC, uncheck the Email Opt Out field.  This WILL sync to Marketo. 2.   Manually update the lead detail record by un-checking the unsubscribe flag 3.   Run a Change Data Value Flow Action on one or many leads a.  Select the attribute “unsubscribe” and set the value to False 4.   Update an existing lead via SOAP API 5.   Form Field – set a field on a form to set the unsubscribe flag to “false” and this will unsubscribe the lead a. Best practice would be to have text on the form that says that by filling out this form, they are agreeing to receive email communication Creating a New Lead When a new lead is created, we check it against the master email status table.  If the lead was previously unsubscribed, we will update the record to be unsubscribed.   Changing an email address If you change the email address of a lead to an unsubscribed email address, the lead will be unsubscribed.  This change can occur in either Marketo or SFDC. If you change an unsubscribed email address to one that is subscribed, the lead will be subscribed.    

The Named Accounts (or Account Based Marketing) module is sold separately. If you did purchase this module follow these instructions to create a new Named Account list. Common issues when uploading a new list: 1. Total number of records exceeded Root cause:  Each account is eligible for up to 10,000 named account records. Contact your account manager to purchased an additional package of records or remove old lists. 2. Your account is not enabled for uploading Named Account Lists. Contact your account manager for more details Root cause: You didn't purchase the Named Accounts module or your account is misconfigured and this module is disabled - contact support.  

Issue: When creating an event the WebEx connector may throw the message: Error registering with webinar provider. exception="WebEx API call error; Self registration is not supported by this service type or current meeting. [WebEx exception ID = '110051'] "   Solution: Please make sure the event in WebEx is set up to receive registrations. To do this you need to go to the event in WebEx and check the registration required checkbox. References Create an Event with WebEx - Marketo Docs - Product Docs WebEx Event Center guide    

Here's how you can use tokens and URL parameters to automatically assign leads to Salesforce campaigns after filling out a form.  These tokens work in all of the Salesforce campaign flow steps:   Add to Salesforce Campaign Change Status in Salesforce Campaign Remove from Salesforce campaign   Get the Salesforce campaign ID and status   You need two things to begin this process -- the name or ID of the Salesforce campaign you want to sync to and a valid status in that campaign.  You can get the ID for the campaign by opening that campaign in Salesforce and copying the last 15 characters from the URL.  Here's an example campaign URL; the ID is highlighted:   naX.salesforce.com/701F00230001Z9z   To get the valid statuses, click on "Advanced Setup" on the campaign's page     The status should be listed there:     Create new fields   First, you need to create two new fields -- "SFDC Campaign ID" and "SFDC Campaign Status" -- both of type "string".  You can create these on your lead and contact records in Salesforce, or contact Marketo support to add those custom fields in your Marketo account.   Create or edit the form   After you create those fields, the next step is to incorporate them into your forms.  Create a new form or edit an existing form, then drag those two fields into your form.  Make them both hidden fields and set them to populate from a URL.  If you're unfamiliar with them, this article on hidden fields has details on how they work. Making a Field Hidden on a Form When setting the values for those fields, use a real Salesforce campaign ID and status as the default value.  Here's how you might edit the settings for those fields:   SFDC Campaign ID: Default Value: [a real Salesforce campaign ID or name] Populate from: URL Parameter Parameter name: campaignID   SFDC Campaign Status: Default Value: [a real Salesforce campaign status for the campaign you chose] Populate from: URL Parameter Parameter name: status   And here's what your form might look like when done:   Now you have a form that automatically add leads to the default Salesforce campaign you selected and that you can override with URL parameters.   Create a Smart Campaign   Next, you need to create a campaign that will add these leads to the selected (or default) Salesforce campaign.  We'll trigger this campaign to launch whenever someone fills out your form: In the flow, first you need to sync the lead to Salesforce so that you can add it to a campaign.   Then you can add it to the Salesforce campaign using the values in the SFDC Campaign ID and SFDC Campaign Status fields.  To do this, use the tokens for those fields in your flow step:  {{Lead.SFDC Campaign ID}} for the campaign name and {{Lead.SFDC Campaign Status}} for the status.  If you type "{{" in the fields, the auto-suggest will help you enter that text correctly:     Your finished flow should look like this:     Finally, in the schedule tab set this campaign to run every time and activate it.     Launch your landing page   If you modified a form already in use, you can now go to that landing page, fill out the form, and watch as your lead gets synced to the Salesforce campaign you chose.  If this is a new form, create and approve a new landing page which uses that form.  After filling out the form, you should see the lead added to the default Salesforce campaign specified in your form:     Use URL parameters to override the default campaign and status.  For our forms, the campaign is set by the "campaignID" URL parameter and the status by the "status" URL parameter.  For example, this URL:   offers.marketo.com/offers.html?campaignID=701A00000009K3l&status=Responded will assign the lead to the Salesforce campaign "701A00000009K3l" (the Salesforce internal ID) with the status "Responded."  If either value has spaces or special characters, make sure that you URL encode them before adding them to your URL.   Using tokens in other Salesforce campaign flow steps   These tokens work in all of the Salesforce campaign flow steps -- Add, Remove, and Change Status in SFDC campaign.  Follow the same directions as above but substitute the appropriate flow step in place of the Add to SFDC Campaign step.   Diagnosing errors   If your leads are not syncing to your Salesforce campaigns, first go to the Activity Log for that lead and double click the line that has the failed flow step. The information that appears will help you figure out what the problem might be. The most common errors you'll encounter are: Spelling errors in your tokens -- use the autosuggest to help Using an SFDC campaign ID or name that doesn't exist -- check the spelling of the campaign or ID The lead doesn't exist in salesforce -- sync the lead to Salesforce before adding him/her to your campaign Using a status that doesn't exist for that campaign -- change the status to one that does exist for the campaign, or add a new status to the campaign in Salesforce

I'm trying to find out who had a lead score change from a specific smart campaign - would I use data value changed with a reason or some other filter?   The Data Value Change trigger/filter with the Reason constraint is appropriate for finding leads that had their Lead Score changed by something such as a manual edit or Smart Campaign. This is a article attached image This is a article attached image This screen shot shows examples of how you might set this up.   The list below shows a few of the values you may see in the Reason field. If you know the exact phrase you are looking for, use the "is" operator. For example, "Changed by Smart Campaign Contact Us." If you don't know the exact value, try using the operator "starts with" or "contains."   Synched from salesforce.com Changed by Smart Campaign System flow action System action reset Form fill-out SOAP API Manual lead edit Munchkin API Import/merge into list   The Reason filter constraint is available in these filters:   Data Value Changed Lead Partition Changed Progression Status was Changed Revenue Stage was Changed Not Data Value Changed Not Lead Partition Changed Not Progression Status was Changed Not Revenue Stage was Changed

Can Marketo make updates to the Account object in Salesforce? Out of the box when you get your new Marketo instance and go through connecting it with Salesforce we restrict ourselves from making any changes to the Account object in Salesforce. You are probably use to seeing two way data sync for all objects such as Leads and Contacts, however Account works in a single direction: We have made this design decision in part due to the following scenario: John Doh works for Marketo but also runs a small business on the side Marketo currently has about 200 employees He has filled out a form with "Marketo" as his company The next time he fills out a form he does it on behalf of his own business and changes the company name in the form to "John's Small Business" but fails to change the Email Address If Account Write permissions are enabled, everyone in SFDC  associated to Marketo (all 200 people) will now be associated to John's Small Business! As such we have decided to stop Marketo from making any updates to the Account object out of the box. If you want to enable Marketo to make Account level updates in Salesforce we can definitely enable this for you however you must make considerations and move forwardcautiously so that you do not run into any unwanted behavior. If you want Marketo to update all Account fields except for Account Name, you can accomplish this by making use of the "Block Field Updates" feature. This can help stop any updates from happening in the Marketo database from sources such as Form Fill-Out, List Import... Once you have given this topic enough thought and planned out which fields you will be blocking from updates and from which sources, you can: Ask your enablement manager for this change if you are in the enablement process Submit a support ticket if you are out of enablement and flying solo

Issue: You have Opportunities in Salesforce but they are not showing in Marketo.    Solution: 1) Check Opportunity permissions in Salesforce - Your first line of troubleshooting this issue is to ensure that the Salesforce profile being used by your Marketo sync user has the Create/ReadEdit/Delete access on the Opportunities object in Salesforce.     2) Check the "Contact Roles" Related List - Ensure that the "Contact Roles" Related List in Salesforce under the Opportunity's detail page is populated     3) Ensure that the Marketo sync user has visibility in Salesforce to see the Opportunity - Log in to Salesforce with the Marketo sync user and ensure that the missing Opportunity in Marketo is visible to this Marketo sync user. If the Marketo sync user can't see the Opportunity then the Opportunity will not sync to Marketo.   4) Check to see the time that the Opportunity was created in Salesforce - Often times you have all the correct Opportunities permissions in Salesforce but the Opportunities are still not showing in Marketo because the Opportunity was recently created and you have not allowed enough time for that Opportunity to sync to Marketo. In this scenario, the only thing you can to is wait. If your sync is busy processing other items, you usually need to wait for these pending items to sync before the newly created Opportunity will sync to Marketo.